From c9c9fc3a9687b4030a2849b8f918ea413ae9f2d4 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 24 Dec 2018 22:50:29 -0500 Subject: [PATCH] Code cleanup in events - Replace killme() with exit() - Use correctly escaped query string - Simplify perms2str input filtering - Add expected json header to /events/json --- mod/events.php | 27 +++++++++++++++++++-------- src/Model/Event.php | 1 - 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/mod/events.php b/mod/events.php index f147e00545..a788cc157c 100644 --- a/mod/events.php +++ b/mod/events.php @@ -102,8 +102,18 @@ function events_post(App $a) $location = Strings::escapeHtml(trim(defaults($_POST, 'location', ''))); $type = 'event'; - $action = ($event_id == '') ? 'new' : "event/" . $event_id; - $onerror_path = "events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish"; + $params = [ + 'summary' => $summary, + 'description' => $desc, + 'location' => $location, + 'start' => $start_text, + 'finish' => $finish_text, + 'adjust' => $adjust, + 'nofinish' => $nofinish, + ]; + + $action = ($event_id == '') ? 'new' : 'event/' . $event_id; + $onerror_path = 'events/' . $action . '?' . http_build_query($params, null, null, PHP_QUERY_RFC3986); if (strcmp($finish, $start) < 0 && !$nofinish) { notice(L10n::t('Event can not end before it has started.') . EOL); @@ -137,10 +147,10 @@ function events_post(App $a) if ($share) { - $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; - $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; - $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : ''; - $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; + $str_group_allow = perms2str(defaults($_POST, 'group_allow' , '')); + $str_contact_allow = perms2str(defaults($_POST, 'contact_allow', '')); + $str_group_deny = perms2str(defaults($_POST, 'group_deny' , '')); + $str_contact_deny = perms2str(defaults($_POST, 'contact_deny' , '')); // Undo the pseudo-contact of self, since there are real contacts now if (strpos($str_contact_allow, '<' . $self . '>') !== false) { @@ -181,7 +191,7 @@ function events_post(App $a) if (intval($_REQUEST['preview'])) { $html = Event::getHTML($datarray); echo $html; - killme(); + exit(); } $item_id = Event::store($datarray); @@ -364,8 +374,9 @@ function events_content(App $a) } if ($a->argc > 1 && $a->argv[1] === 'json') { + header('Content-Type: application/json'); echo json_encode($events); - killme(); + exit(); } if (!empty($_GET['id'])) { diff --git a/src/Model/Event.php b/src/Model/Event.php index 886f124153..348ced5256 100644 --- a/src/Model/Event.php +++ b/src/Model/Event.php @@ -14,7 +14,6 @@ use Friendica\Core\PConfig; use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Database\DBA; -use Friendica\Model\Contact; use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\XML;